> I know that EIP register is the instruction pointer. But how does it
> know how many bytes it needs to increment to the next instruction?

It doesn't "know", per se. The processor simply decodes the current
instruction. As the instruction is unpacked, it fetches bytes from
memory as they are called for. When it's done, the EIP register will
be pointing at the next instruction.

Of course, the above description is only notional. With the highly
parallel processing that goes on in the Pentium family of processors,
there is special circuitry whose job it is to pull instructions out of
memory ahead of time and prepare them for decoding. This circuitry
knows just enough about each instruction to work out how long it is.
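
The length-finding step described above, as an added example that is not part of the original post: a decoder for a small subset of 32-bit x86 that works out each instruction's size from its prefix, opcode and ModRM/SIB bytes. The function names, the chosen opcode subset and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Bytes taken by ModRM plus any SIB and displacement (32-bit addressing). */
static int modrm_len(const unsigned char *p) {
    int mod = p[0] >> 6, rm = p[0] & 7, n = 1;
    if (mod == 3) return n;                      /* register operand */
    if (rm == 4) {                               /* SIB byte follows */
        n++;
        if (mod == 0 && (p[1] & 7) == 5) n += 4; /* no base: disp32 */
    } else if (mod == 0 && rm == 5) n += 4;      /* absolute disp32 */
    if (mod == 1) n += 1;                        /* disp8 */
    if (mod == 2) n += 4;                        /* disp32 */
    return n;
}

/* Length of the instruction at p, or -1 if outside this subset.
   Reads up to 4 bytes at p unchecked; a real decoder checks every fetch. */
int insn_len(const unsigned char *p) {
    int n = 0, imm = 4;
    if (p[0] == 0x66) { imm = 2; n++; }          /* operand-size prefix */
    unsigned char op = p[n++];
    if (op == 0x90 || op == 0xC3 || (op >= 0x50 && op <= 0x5F)) return n;
    if (op == 0xEB || (op >= 0x70 && op <= 0x7F)) return n + 1;   /* rel8 */
    if ((op >= 0xB8 && op <= 0xBF) || op == 0xE8 || op == 0xE9) return n + imm;
    if (op == 0x01 || op == 0x31 || op == 0x89 || op == 0x8B || op == 0x8D)
        return n + modrm_len(p + n);             /* ModRM, no immediate */
    if (op == 0x83) return n + modrm_len(p + n) + 1;              /* imm8 */
    if (op == 0x81 || op == 0xC7) return n + modrm_len(p + n) + imm;
    return -1;
}

/* Advance an offset the way EIP advances; instruction count or -1. */
int count_insns(const unsigned char *buf, size_t len) {
    size_t eip = 0; int count = 0;
    while (eip < len) {
        int n = insn_len(buf + eip);
        if (n < 0 || eip + (size_t)n > len) return -1;  /* unknown or truncated */
        eip += (size_t)n; count++;
    }
    return count;
}

/* Constructed sample: push ebp; mov ebp,esp; sub esp,0x10; mov [ebp-4],0x2a;
   mov eax,[ebp-4]; mov eax,[ecx*4+0x1000]; mov ax,0x1234; pop ebp; ret */
const unsigned char sample[] = {
    0x55, 0x89,0xE5, 0x83,0xEC,0x10, 0xC7,0x45,0xFC,0x2A,0,0,0, 0x8B,0x45,0xFC,
    0x8B,0x04,0x8D,0x00,0x10,0,0, 0x66,0xB8,0x34,0x12, 0x5D, 0xC3 };

int main(void) { printf("%d instructions\n", count_insns(sample, sizeof sample)); return 0; }
```

The same opcode (0x8B) comes out as 2, 3 or 7 bytes depending on its ModRM byte, which is why the length is only known once decoding has gone that far.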